DAOs are driven by their communities. But who is actually part of these communities? Today, individuals are represented by Ethereum addresses, but this approach has shortcomings. Ethereum addresses can be created costlessly and anonymously, which means many Ethereum addresses are often owned by the same individual.
I argue that the ability to link off-chain and on-chain identity is a cornerstone that must be addressed for DAOs to reach their full potential. Web3 culture is reminiscent of the beginnings of the internet, where anonymous forums were the breeding grounds for ideas and many people felt liberated by the ability to post anonymously. That freedom was conducive to developing risky and disruptive ideas; stakes were low and you didn’t run the risk of putting your professional reputation on the line for expressing wacky and unconventional ideas. However, pseudonymous posting and decision making is also a real constraint on the development of transparent, forward-oriented and democratic DAO governance and operation.
The DAO landscape has become vast. We are now presented with market making protocol DAOs like Maker or Uniswap, Investment & Collector DAOs, social DAOs like Friends with Benefits, service DAOs like Raid Guild, entertainment DAOs like eDAO, and more.

Decentralized identity tools are important for any DAO, although their contribution to operations differs from one type of DAO to another.
Market making protocol DAOs rely heavily on external contributions for improvements. Identity tools may seem less important if the primary objective is to hire the best contractors for a particular technical task. However, anonymous contributors can more easily act maliciously without identity guarantees, for example by building a back door into a particular code snippet. Ethereum addresses can be blacklisted from future contributions, but it does not prevent the actor from using a different address to carry out a similar attack in the future.
Highly skilled contributors can more easily build their reputation and credibility if they are uniquely identifiable. This makes identity tools particularly important for service DAOs. Identity tools should be used to incorporate information about a contributor’s past projects and link it to their identity — as is currently pioneered by SkillWallet. This would enable individuals looking for contributors with particular skills to be easily matched with those who have those skills in their repertoire.
Tools which allow members to securely and reliably identify each other would be invaluable for Social DAOs. They would ensure that there exists a baseline level of trust between members, which in turn creates a much better climate for connecting like-minded people.
Investment DAOs, particularly those which give out grants or fund ecosystem infrastructure, require very thoughtful governance decisions to make sure that their money reaches the right projects and individuals. Tying governance power to the expertise, skill and experience of a particular individual is crucial to ensure that the right people weigh in on governance decisions. DAOs dishing out funds desperately need decentralized identity tools, as their governance decisions can profoundly impact the whole blockchain ecosystem well into the future.
Any DAO without decentralized identity is vulnerable to Sybil attacks. In a Sybil attack, individuals create several addresses and attempt to manipulate the governance framework by spamming the network with proposals or by attempting to vote several times with different addresses. This behavior is particularly problematic for “one person one vote” implementations. There is a real possibility that in the future entire organizations, businesses and perhaps even governments will make decisions in a transparent and decentralized manner by interfacing with blockchains. To enable this future, we need tools to prevent the same individual from using multiple addresses and acting maliciously.
Vitalik Buterin introduced the idea of Soulbound NFTs in a recent blog post. The scope of his proposal is fairly general, but the basic premise is that holders of a specific “ID NFT” could be identified precisely because their address holds that particular NFT, which expresses their off-chain identity. There are a few challenges that need to be overcome before this can be implemented in practice. First, how is the NFT issued? The thought is that this is similar to a proof of attendance (POAP) NFT, which is a unique NFT issued to attendees of a particular event to prove their attendance. However, I could give my wallet to my friend to redeem a POAP token even though I didn’t attend the event. Secondly, how do we ensure soulbound NFTs stay with one holder? Almost all NFTs, including POAPs, are transferable in practice. Individuals may want to move assets to different wallets and addresses for security reasons. This flexibility poses a challenge for the concept of a soulbound NFT, as one would need to go through the transactional history of an NFT to see whether it truly identifies a particular individual. One solution would be to tie a soulbound NFT to a particular ENS (Ethereum Name Service) domain which users are unwilling to give away, or the ENS name itself could function as a unique identifier.
A more refined version of the Soulbound NFT was implemented by Kleros, who have developed an ERC-20 registry called Proof of Humanity. In this registry, a particular offline identity is uniquely linked to an Ethereum address. Proof of Humanity requires you to submit a video, a deposit, and the vouching of someone already on the registry to confirm that the individual wishing to be registered is indeed a real human and not already present in the registry. The incentive structures are such that registered members have a strong interest in only having real humans registered, as monetary rewards are provided for those who challenge submitters whose submissions are in violation of the guidelines. Checking that a particular address is indeed registered on Kleros’ Proof of Humanity would be a way to whitelist individuals who have a unique real world identity tied to a particular set of skills and experiences.
Governor DAO has come up with a way of issuing unique individuals non-transferable ERC20 “Proof-of-Existence” tokens based on biometric authentication technology. They achieve this by allowing users to log in with MetaMask and then hashing hundreds of data-points collected in their onboarding portal from audio and visual data. This leads to the creation of a unique encrypted output hash representing the individual, and Governor DAO receives the hash that corresponds to the input address. Those who pass this identification test receive said “Proof-of-Existence” token, which is attached to their wallet indefinitely. This token represents a unique source of identity. A given user’s sensory data would generate the same hash and thus would preclude the user from generating another Proof-of-Existence token affiliated with a different address. This is perhaps the most sophisticated identity tool out there. However, it requires access to biometric identity tools, which is a concern from a privacy perspective because user data has to be provided for the creation of the unique hash.
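The Sybil problem and the registry-style defenses described above can be modeled in a few lines. This is an added example, not code from the original article, Kleros or Governor DAO: it compares a one-address-one-vote tally with the same tally gated on a registry that accepts each identity commitment only once. The `UniquenessRegistry` class, the SHA-256 commitment, and every address and evidence string are constructed assumptions.

```python
import hashlib

class UniquenessRegistry:
    """Toy model of a PoH/PoE-style registry: one identity commitment, one address."""
    def __init__(self):
        self._commitments = set()   # hashes of identity evidence already used
        self._addresses = set()     # addresses holding a valid registration

    @staticmethod
    def commitment(evidence: bytes) -> str:
        # Assumption: evidence is canonicalised so one person always yields the same bytes.
        return hashlib.sha256(evidence).hexdigest()

    def register(self, address: str, evidence: bytes) -> bool:
        c = self.commitment(evidence)
        if c in self._commitments or address in self._addresses:
            return False            # same person or same address is already registered
        self._commitments.add(c)
        self._addresses.add(address)
        return True

    def is_registered(self, address: str) -> bool:
        return address in self._addresses

def tally(votes, registry=None):
    """Count one vote per address; with a registry, skip unregistered addresses."""
    counts, seen = {}, set()
    for address, choice in votes:
        if address in seen:
            continue
        if registry is not None and not registry.is_registered(address):
            continue
        seen.add(address)
        counts[choice] = counts.get(choice, 0) + 1
    return counts

def demo():
    # Constructed sample: two honest voters and one person controlling five addresses.
    reg = UniquenessRegistry()
    reg.register("0xA1", b"alice-evidence")
    reg.register("0xB1", b"bob-evidence")
    reg.register("0xM1", b"mallory-evidence")
    # Re-registering the same evidence under fresh addresses is refused.
    sybil = [reg.register(f"0xM{i}", b"mallory-evidence") for i in range(2, 6)]
    votes = [("0xA1", "no"), ("0xB1", "no")]
    votes += [(f"0xM{i}", "yes") for i in range(1, 6)]
    return sybil, tally(votes), tally(votes, reg)
```

The model assumes identity evidence canonicalises to identical bytes on every capture and that a registered address stays under its registrant's control; the registry itself guarantees neither.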
Spruce ID has tackled the problem of identity in a much grander fashion, aiming to implement a sophisticated decentralized identifier and verifiable credential framework. Decentralized identity aims to move away from a centralized database which stores identity records, as this represents a single point of failure. The core idea is that the credential to be stored is a user’s address, which is held in a wallet and linked to their identity. This particular credential can then be verified by a so-called agent. Spruce has a wallet called Credible and a solution called DIDKit which provides a decentralized identity and credential verification framework across platforms. The term DID corresponds to decentralized identifiers, which function as data registries for specific kinds of identifiers. The way these DIDs work in practice is rather involved. There are various protocols, but in general they contain namespace rules, cryptographic signature schemes, and blockchain-specific data models and algorithms as shown below:

With the DIDKit, one can sign and verify specific types of credentials denoted as W3C Verifiable Credentials. W3C Verifiable Credentials correspond to information related to identifying the subject of the credential such as a photo, name or identification number. DID is a sophisticated approach to blockchain identity, but it currently requires a lot of infrastructure and service provision to be fully implemented — further research and development is needed.
Decentralized identity tools are invaluable for DAOs. We need more tools to increase resilience and security in the face of Sybil attacks. DAO communities need decentralized tools that help individuals accrue credentials, experience, and reputation. More investment is needed to improve the adoption and the user experience of decentralized identity tooling, but we do have some early, promising candidates. The proof of humanity (PoH) and proof of existence (PoE) implementations seem particularly exciting to me, but it is likely that more work needs to be done before we will see widespread adoption. I hope to see some DAOs set a precedent by incorporating one or more of the early identity tools outlined in this article into their stack.
Buterin, Vitalik. “Soulbound.” Vitalik Buterin’s Website, 26 Jan. 2022, https://vitalik.ca/general/2022/01/26/soulbound.html.
“Decentralized Identifiers (DIDs) v1.0.” W3C, https://www.w3.org/TR/did-core/#architecture-overview.
James, Stuart. “Proof of Humanity — an Explainer.” Kleros, Kleros, 12 Mar. 2021, https://blog.kleros.io/proof-of-humanity-an-explainer/.
Mueller, Thomas. “DAO Series Part 2: How to Use Decentralized Identity to Build Trusted Communities.” Medium, Medium, 23 Apr. 2022, https://thmueller.medium.com/decentralized-identity-3-ways-to-build-trust-in-your-dao-4871491903c8.
“Proof of Existence Documentation.” PoE Overview — Governor DAO Docs, Governor DAO, 2022, https://docs.governordao.org/proof-of-existence-documentation/poe-overview.
“What Is Decentralized Identity?: Spruce Developer Portal.” Spruce Developer Portal Blog RSS, https://spruceid.dev/docs/primer/.
“Your DAO Guide — the Most Important DAO Categories Defining the Space.” Ledger, 24 Dec. 2021, https://www.ledger.com/academy/your-dao-guide.

